Issue Description
When Stalwart is configured to automatically manage the DNS records, it creates the TXT records without enclosing their values with double quotes ".
I am using Cloudflare as a DNS provider and it marks with warning all DNS TXT records created by Staalwart.
This might be limited to Cloudflare as a DNS provider.
Expected Behavior
When Stalwart creates DNS TXT records, it should enclose the values in double quotes.
The double quotes have to be included in the value of the TXT record.
Actual Behavior
The values of the DNS TXT records created by Stalwart are not enclosed with double quotes.
For example, the value is v=spf1 a -all instead of "v=spf1 a -all".
Stalwart Version
v0.16.x
Installation Method
Built from source
Database Backend
PostgreSQL
Blob Storage
PostgreSQL
Search Engine
PostgreSQL
Directory Backend
Internal
I have reviewed the documentation and FAQ and confirm that my issue is NOT addressed there.
on
I have searched this support forum (open and closed topics) and confirm this is not a duplicate.
on
I understand that topics in this category are triaged by a bot first but a human reply will follow up. If I’d prefer a human-only reply, I’ll add the no-ai tag to my topic.
on
1 Like
This looks like a genuine bug worth capturing clearly. Based on the server source code, Stalwart’s internal DNS automation tests show expected TXT record values without surrounding double quotes as literal string delimiters passed to the DNS provider API (e.g. v=spf1 mx -all), while Cloudflare’s API apparently expects the value to be wrapped in double quotes (i.e. "v=spf1 a -all").
This is a valid bug report. A few notes that may help the maintainers triage it:
- Cloudflare DNS API behaviour: Cloudflare’s API accepts TXT record content either with or without surrounding
" quotes depending on the context. When quotes are omitted, Cloudflare treats it as a literal unquoted string and flags it with a warning, since RFC 1035 requires TXT record data to be presented as quoted strings in zone-file representation.
- Workaround: Until this is fixed, you can manually edit the TXT records in the Cloudflare dashboard and add the surrounding
" double quotes to the value. Cloudflare will then accept and store them correctly without the warning. You would need to re-apply this after each automatic update by Stalwart.
- Likely fix location: The quoting should be applied when Stalwart constructs the TXT record value string before submitting it to the DNS provider API. Maintainers may want to look at the DNS update/automation code path.
It would help if you could confirm:
- Whether the warning disappears when you manually add the quotes in Cloudflare.
- Which record types trigger the warning (SPF, DKIM, DMARC, etc.) — or is it all of them?
This should be reported on the Stalwart GitHub issue tracker if you haven’t already, so it can be tracked and fixed.
This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong. If you found it useful, mention @helpbot in any reply to ask follow-up questions and the bot will respond again.
Thank you for confirming both points — that’s very clear and consistent behaviour across all TXT record types, which strongly points to a single code path where the value is submitted to Cloudflare without quoting.
Thank you for the confirmation — that nails it down clearly.
The test file in the server source (tests/src/automation/dns.rs) shows the internal dns_update::DnsRecord::TXT struct stores the record value without surrounding quotes (e.g. the raw string v=spf1 mx -all), and the quotes are only added by the BindSerializer when rendering zone-file output for display/testing purposes. This means the quotes are not included in the actual value submitted to the Cloudflare API, which is what triggers the warning.
This is a genuine bug in how the DNS automation layer constructs TXT record values before sending them to Cloudflare’s API. The issue affects all TXT record types (SPF, DKIM, DMARC, etc.) as you’ve confirmed.
Recommended next steps:
- File a GitHub issue at github.com/stalwartlabs/mail-server/issues if you haven’t already — include your confirmation that all TXT record types are affected and that manually adding quotes resolves the warning. This will ensure it’s tracked by the maintainers.
- Workaround in the meantime: After Stalwart creates or updates a TXT record automatically, manually edit it in the Cloudflare dashboard to wrap the value in double quotes. You’ll need to redo this after any subsequent automatic update by Stalwart.
The maintainers will need to determine whether the quoting should be applied in the dns-update crate (which handles the Cloudflare API interaction) or upstream in Stalwart’s DNS management task code.
This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong. If you found it useful, mention @helpbot in any reply to ask follow-up questions and the bot will respond again.